<?php 	 
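	/*
	 * Admin product endpoint: dispatches on the "method" request parameter to
	 * insert, edit, delete or bulk-delete a product across the tables
	 * products, products_description and products_to_categories.
	 *
	 * Security notes for maintainers:
	 *  - Every value read from $_REQUEST / $_FILES / $_SERVER is client-controlled.
	 *    Integers are cast, strings are escaped before being placed in SQL.
	 *    ext/mysql has no prepared statements; move to mysqli/PDO prepared
	 *    statements when the connection layer in config/database.php is migrated.
	 *  - NOTE(review): no authentication or authorisation check is visible in this
	 *    file. Confirm that config/database.php (or the web server) restricts this
	 *    script to logged-in administrators.
	 *  - NOTE(review): state-changing actions are read from $_REQUEST, so they are
	 *    also accepted over GET, and no anti-CSRF token is checked here. Requiring
	 *    POST plus a per-session token is recommended once callers are updated.
	 */
	ob_start();
	include("../../config/database.php");
	tep_db_connect() or die('Unable to connect to database server!');

	/**
	 * Return a request parameter as a string, or '' when it is absent or not scalar.
	 */
	function product_admin_param($key)
	{
		if (isset($_REQUEST[$key]) && is_scalar($_REQUEST[$key])) {
			return (string) $_REQUEST[$key];
		}
		return '';
	}

	/**
	 * Quote and escape a string for use as an SQL literal on the current connection.
	 */
	function product_admin_sql_string($value)
	{
		return "'" . mysql_real_escape_string($value) . "'";
	}

	/**
	 * Validate an uploaded image and move it into $target_dir.
	 *
	 * Only files whose final extension is on the image allowlist and whose
	 * content is recognised by getimagesize() are accepted, so script files
	 * cannot be placed in the web-served directory through this form.
	 * The upload directory should additionally be configured so that the web
	 * server never executes files from it. An existing file with the same name
	 * is overwritten, as before.
	 *
	 * @return string stored file name, or '' when the upload was missing or rejected
	 */
	function product_admin_store_upload($field, $target_dir)
	{
		if (!isset($_FILES[$field]) || !is_array($_FILES[$field])) {
			return '';
		}
		$upload = $_FILES[$field];
		if (!isset($upload['name'], $upload['tmp_name'], $upload['error'])
			|| !is_string($upload['name'])
			|| !is_string($upload['tmp_name'])
			|| $upload['error'] !== UPLOAD_ERR_OK) {
			return '';
		}

		// basename() strips any directory components supplied by the client.
		$file_name = basename($upload['name']);
		$extension = strtolower(pathinfo($file_name, PATHINFO_EXTENSION));
		$allowed_extensions = array('jpg', 'jpeg', 'png', 'gif');
		if ($file_name === '' || $file_name[0] === '.' || !in_array($extension, $allowed_extensions, true)) {
			return '';
		}

		// The extension alone is client-chosen; also require image content.
		if (!is_uploaded_file($upload['tmp_name']) || getimagesize($upload['tmp_name']) === false) {
			return '';
		}

		if (!move_uploaded_file($upload['tmp_name'], $target_dir . $file_name)) {
			return '';
		}
		return $file_name;
	}

	/**
	 * Redirect back to the referring page, but only when it is on this host.
	 *
	 * The Referer header is client-controlled, so it is not used as a redirect
	 * target unless its host matches the host of the current request.
	 */
	function product_admin_redirect_back()
	{
		// Placeholder fallback: point this at the admin product list page.
		$location = './';

		$referer = isset($_SERVER['HTTP_REFERER']) ? (string) $_SERVER['HTTP_REFERER'] : '';
		$current_host = isset($_SERVER['HTTP_HOST']) ? (string) $_SERVER['HTTP_HOST'] : '';
		if ($referer !== '' && $current_host !== '' && !preg_match('/[\r\n]/', $referer)) {
			$parts = parse_url($referer);
			if (is_array($parts) && isset($parts['scheme'], $parts['host'])
				&& in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
				$referer_host = $parts['host'] . (isset($parts['port']) ? ':' . $parts['port'] : '');
				if (strcasecmp($referer_host, $current_host) === 0) {
					$location = $referer;
				}
			}
		}
		header("Location:" . $location);
	}

	$method = product_admin_param('method');
	switch ($method)
	{
		case "insert":
			$product_name = product_admin_param('name');
			$product_price = product_admin_param('price');
			$categories_id = (int) product_admin_param('categories');
			$product_description = product_admin_param('description');

			$product_image = product_admin_store_upload('upload', "../../Hinhanh/");
			if ($product_image !== '') {
				echo "The file " . htmlspecialchars($product_image, ENT_QUOTES) . " has been uploaded";
			} else {
				echo "Sorry, there was a problem uploading your file.";
			}

			$sql = "INSERT INTO products(products_image,products_price)VALUES("
				. product_admin_sql_string($product_image) . ","
				. product_admin_sql_string($product_price) . ")";

			// The product row must exist before its id is read; the previous code
			// looked up the newest id first and so attached the description and
			// category to the product created before this one.
			if (mysql_query($sql)) {
				// Assumes products_id is AUTO_INCREMENT (the INSERT does not supply it).
				$products_id = (int) mysql_insert_id();
				if ($products_id > 0) {
					$sql1 = "INSERT INTO products_description(products_id,products_name,products_description)VALUES("
						. $products_id . ","
						. product_admin_sql_string($product_name) . ","
						. product_admin_sql_string($product_description) . ")";
					$sql2 = "INSERT INTO products_to_categories(products_id,categories_id)VALUES("
						. $products_id . "," . $categories_id . ")";
					mysql_query($sql1);
					mysql_query($sql2);
				}
			}
			product_admin_redirect_back();
		break;

		case "edit":
			$proId = (int) product_admin_param('proId');
			$product_name = product_admin_param('name');
			$product_price = product_admin_param('price');
			$categories_raw = product_admin_param('categories');
			$product_description = trim(product_admin_param('description'));

			// Initialised so the check below is defined when no file was sent.
			$product_image = '';
			if (isset($_FILES['upload']['name']) && $_FILES['upload']['name']) {
				$product_image = product_admin_store_upload('upload', "../../Hinhanh/");
				if ($product_image !== '') {
					echo "The file " . htmlspecialchars($product_image, ENT_QUOTES) . " has been uploaded";
				} else {
					echo "Sorry, there was a problem uploading your file.";
				}
			}

			if ($proId > 0) {
				// Assignments are collected and joined so that a missing first
				// field no longer produces "SET , column=..." or an empty SET.
				$product_sets = array();
				if ($product_price !== '') {
					$product_sets[] = "products_price=" . product_admin_sql_string($product_price);
				}
				if ($product_image !== '') {
					$product_sets[] = "products_image=" . product_admin_sql_string($product_image);
				}
				if ($product_sets) {
					mysql_query("UPDATE products SET " . implode(", ", $product_sets) . " WHERE products_id=" . $proId);
				}

				$description_sets = array();
				if ($product_name !== '') {
					$description_sets[] = "products_name=" . product_admin_sql_string($product_name);
				}
				if ($product_description !== '') {
					$description_sets[] = "products_description=" . product_admin_sql_string($product_description);
				}
				if ($description_sets) {
					mysql_query("UPDATE products_description SET " . implode(", ", $description_sets) . " WHERE products_id=" . $proId);
				}

				// update product_to_categories (the SET keyword was missing before,
				// so this statement never succeeded)
				if ($categories_raw !== '') {
					mysql_query("UPDATE products_to_categories SET categories_id=" . (int) $categories_raw
						. " WHERE products_id=" . $proId);
				}
			}
			product_admin_redirect_back();
		break;

		case "delete":
			// Cast to int: the id is placed unquoted in the WHERE clause.
			$proId = (int) product_admin_param('proId');
			if ($proId > 0) {
				mysql_query("DELETE FROM products_to_categories WHERE products_id=" . $proId);
				mysql_query("DELETE FROM products_description WHERE products_id=" . $proId);
				mysql_query("DELETE FROM products WHERE products_id=" . $proId);
			}
		break;

		case "deleteAll":
			$proIds = (isset($_REQUEST['proIds']) && is_array($_REQUEST['proIds'])) ? $_REQUEST['proIds'] : array();

			// Keep only positive integer ids; anything else is dropped rather
			// than being interpolated into the IN (...) list.
			$clean_ids = array();
			foreach ($proIds as $candidate) {
				if (is_scalar($candidate) && (int) $candidate > 0) {
					$clean_ids[] = (int) $candidate;
				}
			}

			if ($clean_ids) {
				$str_proId = implode(",", $clean_ids);
				mysql_query("DELETE FROM products_to_categories WHERE products_id in ($str_proId)");
				mysql_query("DELETE FROM products_description WHERE products_id in ($str_proId)");
				mysql_query("DELETE FROM products WHERE products_id in ($str_proId)");
			}
		break;

	}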
	
?>